
BIOMETRICS

. . . the body is the password

Submitted by

T.Sreedhar, S.S & N College, Narsaraopet, sreedhar.mca2009@gmail.com
M.Suresh, S.S & N College, Narsaraopet, sureshm1986@gmail.com

ABSTRACT:

In recent years there has been a wealth of information amassed in the area of biological sciences, and this necessitated the development of an altogether new area called “BIOMETRICS”. Biometrics requires an unambiguous understanding of modern biochemistry, microbiology, bio and electrical technology by use of state of the art techniques and tools developed by and employed in computer science, information technology and mathematics.

INTRODUCTION

Biometrics is the technique of using unique, non-transferable, physical characteristics, such as fingerprints, to gain entry for personal identification. This replaces PIN codes and passwords, which can be forgotten, lost or stolen. Biometric IDs cannot be transferred.

Biometrics are best defined as measurable physiological and/or behavioral characteristics that can be utilized to verify the identity of an individual. They are of interest in any area where it is important to verify the true identity of an individual. Initially, these techniques were employed primarily in specialist high security applications; however, we are now seeing their use and proposed use in a much broader range of public facing situations.

Biometrics measure individuals' unique physical or behavioral characteristics to recognize or authenticate their identity. Common physical biometrics include fingerprints; hand or palm geometry; and retina, iris, or facial characteristics. Behavioral characteristics include signature, voice (which also has a physical component), keystroke pattern, and gait. Of this class of biometrics, technologies for signature and voice are the most developed. Nowadays biometric technology is preferred by many organizations for security purposes, and in the coming future we will see the same technology in ATM machines, telephone transactions, internet transactions and so on.

Biometrics are not a future technology, they are a current technology, with a bigger role in the future. Biometrics will not replace passwords, swipe cards, or PIN numbers etc.; rather, they will work with them in enhancing security in a simple, reliable, and cost effective way.

WHAT IS BIOMETRICS

The security field uses three different types of authentication:
• something you know—a password, PIN, or piece of personal information (such as your mother's maiden name);
• something you have—a card key, smart card, or token (like a SecurID card); and/or
• something you are—a biometric.

Biometrics directly involve the human being for identification or verification. Traditionally many security systems employ the verification technique rather than the identification which is the main aim of biometrics. Although it doesn’t totally remove the PIN/password, together with that tool it provides a very tight security system.

Biometrics, as said earlier, uses the individual’s physical characteristics to do its job, like hand geometry, retina structure, palm size etc. Biometrics involves different types of devices for that, e.g. fingerprint scanner, iris reader etc. It makes use of the genetic differences between two persons, which is a universal truth. Every human being on the earth has a unique identification, and that is shown in their different body organs. Biometrics picks up that particular peculiarity to distinguish the two bodies, and that makes it so strong.

HISTORY BEHIND BIOMETRIC SECURITY

In fact, the basic principles of biometric verification were understood and practiced somewhat earlier. Thousands of years earlier to be precise, as our friends in the Nile valley routinely employed biometric verification in a number of everyday business situations. There are many references to individuals being formally identified via unique physiological parameters such as scars, measured physical criteria or a combination of features such as complexion, eye colour, height and so on. It is well known that some personal traits are distinct to each individual and so people can be identified on the basis of their physical characteristics. Of course, they didn’t have automated electronic biometric readers and computer networks (as far as we know), and they certainly were not dealing with the numbers of individuals that we have to accommodate today, but the basic principles were similar.

Alphonse Bertillon, Chief of the criminal identification division of the police department in Paris, France, developed a detailed method of identification based on a number of bodily measurements and physical descriptions. The Bertillon method of anthropometric identification gained wide acceptance before fingerprint identification superseded it. However, such recognition is not limited to faces. For example, friends or relatives talking on the telephone recognize one another’s voices.

The most popular biometric characteristic is the fingerprint. Scientists know from a number of archeological artifacts that ancient civilizations such as those of Babylon and China recognized the individuality of fingerprint impressions. Even today in countries such as India, where a large segment of the population is illiterate and cannot sign their names, a thumbprint signature is considered a legal signature.
Later, in the nineteenth century there was a peak of interest as researchers into criminology attempted to relate physical features and characteristics with criminal tendencies. This resulted in a variety of measuring devices being produced and much data being collected. The results were not conclusive but the idea of measuring individual physical characteristics seemed to stick and the parallel development of fingerprinting became the international methodology among police forces for identity verification.

In parallel, other biometric methodologies such as fingerprint verification were being steadily improved and refined to the point where they would become reliable, easily deployed devices. In recent years, we have also seen much interest in iris scanning and facial recognition techniques which offer the potential of a non contact technology, although there are additional issues involved in this respect.

METHODOLOGIES OF BIOMETRICS

RETINA

An established technology where the unique patterns of the retina are scanned by a low intensity light source via an optical coupler. It involves analyzing the layer of blood vessels situated at the back of the eye. Retinal scanning has proved to be quite accurate in use but does require the user to look into a receptacle and focus on a given point. This is not particularly convenient if you are a spectacle wearer or have concerns about intimate contact with the reading device. For these reasons retinal scanning has a few user acceptance problems although the technology itself can work well.

IRIS

An iris-based biometric, on the other hand, involves analyzing features found in the colored ring of tissue that surrounds the pupil. Iris scanning, undoubtedly the less intrusive of the eye-related biometrics, uses a fairly conventional CCD camera element and requires no close contact between the user and the reader. In addition, it has the potential for higher than average template-matching performance. Iris biometrics work with glasses in place and is one of the few devices that can work well in identification mode. Ease of use and system integration have not traditionally been strong points with iris scanning devices, but you can expect improvements in these areas as new products emerge.

FACE

A technique which has attracted considerable interest and whose capabilities have often been misunderstood. Face recognition analyzes facial characteristics. It requires a digital camera to develop a facial image of the user for authentication. It is one thing to match two static images (all that some systems actually do - not in fact biometrics at all), it is quite another to unobtrusively detect and verify the identity of an individual within a group (as some systems claim). It is easy to understand the attractiveness of facial recognition from the user perspective, but one needs to be realistic in one's expectations of the technology. To date, facial recognition systems have had limited success in practical applications. However, progress continues to be made in this area and it will be interesting to see how future implementations perform. If technical obstacles can be overcome, we may eventually see facial recognition become a primary biometric methodology.

SIGNATURE

Signature verification devices have proved to be reasonably accurate in operation and obviously lend themselves to applications where the signature is an accepted identifier. Signature verification analyzes the way a user signs her name. Signing features such as speed, velocity, and pressure are as important as the finished signature's static shape. Signature verification enjoys a synergy with existing processes that other biometrics do not. People are used to signatures as a means of transaction-related identity verification, and most would see nothing unusual in extending this to encompass biometrics. Surprisingly, relatively few significant signature applications have emerged compared with other biometric methodologies. But if your application fits, it is a technology worth considering.
VOICE

Voice authentication is not based on voice recognition but on voice-to-print authentication, where complex technology transforms voice into text. Voice biometrics has the most potential for growth, because it requires no new hardware—most PCs already contain a microphone. However, poor quality and ambient noise can affect verification. In addition, the enrollment procedure has often been more complicated than with other biometrics, leading to the perception that voice verification is not user friendly. Therefore, voice authentication software needs improvement. One day, voice may become an additive technology to finger-scan technology. Because many people see finger scanning as a higher authentication form, voice biometrics will most likely be relegated to replacing or enhancing PINs, passwords, or account names.

HAND RECOGNITION

Hand geometry is concerned with measuring the physical characteristics of the user's hand and fingers. Hand geometry scanning systems scan the size, length, thickness and surface of a user’s hand (including fingers), in order to verify the user. Unlike other biometrics, such as fingerprints and retina scanning, hand geometry cannot be guaranteed as unique; hence, hand geometry is not an identification technique, but rather a verification technique.

Hand reader machines require the user to first swipe their ID card through the machine, or enter their PIN number. Based on the result from this, the hand geometry data for that person is retrieved from a database. The user is then required to place their hand into the reader machine, which has pegs inside to separate the fingers. A scan of the hand is taken and is matched against the hand geometry data retrieved from the database. Assuming the verification is complete, the user is allowed access to the area in question.

Hand geometry verification is widely used today, especially in airports and military centers. This methodology may be suitable where we have larger user bases or users who may access the system infrequently and may therefore be less disciplined in their approach to the system.

FINGERPRINT VERIFICATION

A fingerprint looks at the patterns found on a fingertip. There are a variety of approaches to fingerprint verification. Some emulate the traditional police method of matching minutiae; others use straight pattern-matching devices; and still others are a bit more unique, including things like moiré fringe patterns and ultrasonics. Some verification approaches can detect when a live finger is presented; some cannot.

Fingerprint verification may be a good choice for in house systems where adequate explanation and training can be provided to users and where the system is operated within a controlled environment. It is not surprising that the workstation access application area seems to be based almost exclusively around fingerprints, due to the relatively low cost, small size (easily integrated into keyboards) and ease of integration.

HOW THE SYSTEM WORKS

Whilst individual biometric devices and systems have their own operating methodology, there are some generalisations one can make as to what typically happens within a biometric systems implementation.

1. Obviously, before we can verify an individual's identity via a biometric we must first capture a sample of the chosen biometric. This ‘sample’ is referred to as a biometric template and is the reference data against which subsequent samples provided at verification time are compared. A number of samples are usually captured during enrolment (typically three) in order to arrive at a truly representative template via an averaging process. The template is then referenced against an identifier (typically a PIN or card number if used in conjunction with existing access control tokens) in order to
recall it ready for comparison with a live sample at the transaction point. The enrolment procedure and quality of the resultant template are critical factors in the overall success of a biometric application. A poor quality template will often cause considerable problems for the user, often resulting in a re-enrolment.

2. Template storage is an area of interest, particularly with large scale applications which may accommodate many thousands of individuals. The possible options are as follows:
1) Store the template within the biometric reader device.
2) Store the template remotely in a central repository.
3) Store the template on a portable token such as a chip card.

Option 1, storing the template within the biometric device, has both advantages and disadvantages depending on exactly how it is implemented. The advantage is potentially fast operation as a relatively small number of templates may be stored and manipulated efficiently within the device. In addition, you are not relying on an external process or data link in order to access the template. In some cases, where devices may be networked together directly, it is possible to share templates across the network. The potential disadvantage is that the templates are somewhat vulnerable and dependent upon the device being both present and functioning correctly. If anything happens to the device, you may need to re-install the template database or possibly re-enrol the user base.

Option 2, storing the templates in a central repository, is the option which will naturally occur to IT systems engineers. This may work well in a secure networked environment where there is sufficient operational speed for template retrieval to be invisible to the user. However, we must bear in mind that with a large number of readers working simultaneously there could be significant data traffic, especially if users are impatient and submit multiple verification attempts. The size of the biometric template itself will have some impact on this, with popular methodologies varying between 9 bytes and 1.5k. Another aspect to consider is that if the network fails, the system effectively stops unless
there is some sort of additional local storage. This may be possible to implement with some devices, using the internal storage for recent users and instructing the system to search the central repository if the template cannot be found locally.

Option 3, storing the template on a token. This is an attractive option for two reasons. Firstly, it requires no local or central storage of templates (unless you wish to) and secondly, the user carries their template with them and can use it at any authorised reader position. However, there are still considerations. If the user is attracted to the scheme because he believes he has effective control and ownership of his own template (a strong selling point in some cases) then you cannot additionally store his template elsewhere in the system. If he subsequently loses or damages his token, then he will need to re-enroll. Another consideration may be unit cost and system complexity if you need to combine chip card readers and biometric readers at each enrolment and verification position.

If the user base has no objection, you may wish to consider both on token and central storage of templates (options 2 and 3); this could provide fast local operation with a fallback position if the chip card reading process fails for any reason or if a genuine user loses their token and can provide suitable identity information. Your choice of template storage may be dictated to some extent by your choice of biometric device. Some devices offer greater flexibility than others in this respect.

3. Verification. The verification process requires the user to claim an identity by either entering a PIN or presenting a token, and then verify this claim by providing a live biometric to be compared against the claimed reference template. There will be a resulting match or no match accordingly (the parameters involved will be discussed later under performance measures). A record of this transaction will then be generated and stored, either locally within the device or remotely via a network and host (or indeed both).

With certain devices, you may allow the user a number of attempts at verification before finally rejecting them if the templates do not match. Setting this parameter requires some
thought. On the one hand, you want to provide every opportunity for a valid user (who may be having difficulty using the system) to be recognised. On the other hand, you do not want impostors to have too much opportunity to experiment.

With some systems, the reference template is automatically updated upon each valid transaction. This allows the system to accommodate minor changes to the user's live sample as a result of ageing, local abrasions etc. and may be a useful feature when dealing with large userbases.

4. Transaction storage. This is an important area as you will certainly wish to have some sort of secure audit trail with respect to the use of your system. Some devices will store a limited number of transactions internally, scrolling over as new transactions are received. This is fine as long as you are confident of retrieving all such transactions before the buffer fills up and you start losing them. In practice, this is unlikely to be a problem unless you have severe network errors. In some cases, you may wish to have each biometric device connected directly to a local PC which may in turn be polled periodically (over night for example) in order to download transactions to a central point. In either case, you will probably wish to adopt a local procedure to deal with error and exceptional conditions, which will in turn require some sort of local messaging. This may be as simple as a relay closure in the event of a failed transaction activating an annunciator of some description.

What you do with this transaction data is another matter. You may wish to analyse it via an existing reporting tool (if it is in a suitable format) or perhaps write a custom application in order to show transactions in real time as well as write them to a central database.

PERFORMANCE MEASURES

False accepts, false rejects, equal error rates, enrolment and verification times - these are the typical performance measures quoted by device vendors (how they arrived at them is another matter). But what do they really mean? Are these performance statistics actually realized in real systems implementations? Can we accept them with any degree of confidence?

False accept rates (FAR) indicate the likelihood that an impostor may be falsely accepted by the system.
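
To make the false accept, false reject and equal error figures concrete, the following sketch (an added example, not code from the original paper) enrols a template by averaging three samples, sweeps the match threshold to find the equal error point, and then shows how allowing more verification attempts changes both rates. The two-number feature vectors, the distance matcher and every sample value are constructed for illustration.

```python
"""Added example (not from the paper): enrolment, threshold matching, FAR/FRR.

All feature vectors and sessions below are constructed sample data.
"""
from math import dist


def enrol(samples):
    """Average the enrolment samples (typically three) into one template."""
    return [sum(column) / len(samples) for column in zip(*samples)]


def verify(template, live, threshold):
    """Match when the live sample lies within `threshold` of the template."""
    return dist(template, live) <= threshold


def transaction(template, presentations, threshold, max_attempts=1):
    """One verification transaction using at most `max_attempts` live samples."""
    return any(verify(template, live, threshold)
               for live in presentations[:max_attempts])


def rates(template, genuine, impostor, threshold, max_attempts=1):
    """Return (FAR, FRR) as fractions of impostor and genuine transactions."""
    false_accepts = sum(transaction(template, s, threshold, max_attempts)
                        for s in impostor)
    false_rejects = sum(not transaction(template, s, threshold, max_attempts)
                        for s in genuine)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def equal_error_point(template, genuine, impostor, thresholds):
    """Sweep the threshold; return (threshold, FAR, FRR) where the rates are closest."""
    table = [(t, *rates(template, genuine, impostor, t)) for t in thresholds]
    return min(table, key=lambda row: abs(row[1] - row[2]))


# Constructed enrolment: three samples from one user average to (10, 10).
TEMPLATE = enrol([(9, 10), (10, 11), (11, 9)])

# Constructed sessions: each inner list is the sequence of samples one person
# would present if allowed to retry. The last genuine user places the hand or
# finger badly the first time and correctly on the retry.
GENUINE = [
    [(10, 10.5)],
    [(11, 10)],
    [(10, 11.5)],
    [(12, 10)],
    [(10, 13), (10.5, 10)],
]
# Constructed impostor sessions: some get closer with each further attempt.
IMPOSTOR = [
    [(10, 12.5)],
    [(13.5, 10), (10, 12)],
    [(14, 10), (10, 13), (12.5, 10)],
    [(10, 15)],
    [(13, 14)],
]
THRESHOLDS = [1.0, 2.0, 2.5, 3.0, 4.0]

if __name__ == "__main__":
    print("single attempt per transaction")
    for t in THRESHOLDS:
        far, frr = rates(TEMPLATE, GENUINE, IMPOSTOR, t)
        print(f"  threshold {t:3.1f}  FAR {far:4.0%}  FRR {frr:4.0%}")

    eer_t, far, frr = equal_error_point(TEMPLATE, GENUINE, IMPOSTOR, THRESHOLDS)
    print(f"equal error point: threshold {eer_t}, FAR = FRR = {far:.0%}")

    print("same threshold, more attempts allowed")
    for attempts in (1, 2, 3):
        far, frr = rates(TEMPLATE, GENUINE, IMPOSTOR, eer_t, attempts)
        print(f"  attempts {attempts}  FAR {far:4.0%}  FRR {frr:4.0%}")
```

On this tiny constructed set the rates are far higher than any real device would show; the point is the direction of movement when the threshold or the attempt limit changes.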

False reject rates (FRR) indicate the likelihood that the genuine user may be rejected by the system. This measure of template matching can often be manipulated by the setting of a threshold, which will bias the device towards one situation or the other. Hence one may bias the device towards a larger number of false accepts but a smaller number of false rejects (user friendly) or a larger number of false rejects but a smaller number of false accepts (user unfriendly), the two parameters being mutually exclusive. Somewhere between the extremes is the equal error point where the two curves cross and which may represent a more realistic measure of performance than either FAR or FRR.

These measures are expressed in percentage (of error transactions) terms, with an equal error rate of somewhere around 0.1% being a typical figure. However, the quoted figures for a given device may not be realized in practice for a number of reasons. These will include user discipline, familiarity with the device, user stress, individual device condition, the user interface, speed of response and other variables. We must remember that vendor quoted statistics may be based upon limited tests under controlled laboratory conditions, supplemented by mathematical theory. They should only ever be viewed as a rough guide and not relied upon for actual system performance expectations. This situation is not because vendors are trying to mislead you (in most cases anyway) but because it is almost impossible to give an accurate indication of how a device will perform in a limitless variety of real world conditions.

Similarly, actual enrolment times will depend upon a number of variables inherent in your enrolment procedure. Are the users pre-educated? Have they used the device before? What information are you gathering? Are you using custom software? How well trained is the enrolling administrator? How many enrolment points will you be operating? What other processes are involved? And so on. The vendors cannot possibly understand these variables for every system and their quoted figure will again be based upon their own in house experiences under controlled conditions.

Verification time is often misunderstood as vendors will typically describe the average time taken for the actual verification process, which will not typically include the time taken to present the live sample or undertake other processes such as the presentation of a token or keying of a PIN. Consider also an average time for user error and system response and it will be apparent that the end to end verification transaction time will be nothing like the quoted figure.

Given the above, it will come as no surprise that biometric device performance measures have sometimes become a contentious issue when implementing real systems. In order to provide an independent view a National Biometric Test Centre has been established in the US with a similar facility recently announced in Hong Kong. These centres are based at academic institutions and will over time no doubt provide for some interesting views. However, this does not necessarily mean that vendors will rush to conform with regard to their quoted specifications and the method used to arrive at them. We should therefore continue to view such specifications as a rough guide and rely on our own trials and observations to provide a more meaningful appraisal of overall performance.

As a side issue to the above, there is a question concerning the uniqueness of biometric parameters such as fingerprints, irises, hands and so forth. The degree of individuality or similarity within a userbase will naturally affect performance to some degree. It is outside the scope of this paper to examine this aspect in any detail, but suffice it to say that no one has reliable data for the whole world and cannot therefore say that any biometric is truly unique. What we can say is that the probability of finding identical fingerprints, irises, hands etc. within a typical userbase is low enough for the parameter in question to be regarded as a reliable identifier. Splitting hairs maybe, but beware of
claims of absolute uniqueness - some individuals are similar enough to cause false accepts, even in finely tuned systems.

ACCURACY

There are two parameters to judge the accuracy of a biometric system: false-acceptance rate and false-rejection rate. Both measures focus on the system's ability to allow limited entry to authorized users. However, these measures can vary significantly, depending on how you adjust the sensitivity of the mechanism that matches the biometric. For example, you can require a tighter match between the measurements of hand geometry and the user's template (increase the sensitivity). This will probably decrease the false-acceptance rate, but at the same time can increase the false-rejection rate. So be careful to understand how vendors arrive at quoted values of FAR and FRR. Technology leaning toward false rejection protects against any unauthorized acceptance and hence becomes more widely taken up, while in the case of false acceptance an unauthorized person may sometimes get access permission, which may be dangerous. Hence, based on these two variables, the accuracy of the installed technology is measured.

ADVANTAGES

• Biometric identification provides a unique identification.
• Biometrics is more reliable and efficient in distinguishing between a specific individual and an imposter.
• Biometric identification protects customers against theft and fraud.
• Identification of individuals is based on the individual’s unique physical and biological qualities that cannot be traded, shared, lost or stolen.
• The degree of efficiency is very high in the biometric technique.
• Techniques like DNA profiling are highly reliable and efficient, which is why they are going to be adopted widely.
• It is much more efficient than personal identification number (PIN) or token-based authentication techniques.
• After all, it can’t be forgotten or lost.

DISADVANTAGES

• A biometric system may not give an accurate identification.
• A biometric system can establish an identity only to a certain level of accuracy.
• FAR (false acceptance rate) is the probability by which the system can accept an imposter as a genuine individual.
• FRR (false rejection rate) is the probability by which the system can reject a genuine individual.
• The cost of the implementation tools is too high (fingerprint sensors, for example, are extremely expensive).
• The cost of storing biometric templates and of the computing power required to process and match biometric measurements is quite high.
• Some techniques, like DNA profiling, are complicated and time-consuming processes.
• A change of hair style in facial recognition, wearing glasses, and light intensity in retina scanning may affect the authentication process.

APPLICATIONS
Security systems use biometrics for two basic purposes: to verify or to identify users. Identification tends to be the more difficult of the two uses because a system must search a database of enrolled users to find a match (a one-to-many search).

Physical access:
Today, the primary application of biometrics is in physical security: to control access to secure locations (rooms or buildings). Biometrics are useful for high-volume access control. For example, biometrics controlled access of 65,000 people during the 1996 Olympic Games, and Disney World uses a fingerprint scanner to verify season-pass holders entering the theme park.
Government – passports, national ID cards, voter cards, driver’s licenses, social services, etc;
Transportation – airport security, boarding passes and commercial driver’s licenses;
Healthcare – medical insurance cards, patient/employee identity cards;
Financial – bank cards, ATM cards, credit cards and debit cards;

Virtual Access:
For a long time, biometric-based network and computer access were areas often discussed but rarely implemented. Analysts see virtual access as the application that will provide the critical mass to move biometrics for network and computer access from the realm of science-fiction devices to regular system components. Passwords are currently the most popular way to protect data on a network. Biometrics, however, can increase a company's ability to protect its data by implementing a more secure key than a password. Using biometrics also allows a hierarchical structure of data protection, making the data even more secure: passwords supply a minimal level of access to network data; biometrics, the next level. You can even layer biometric technologies to enhance security levels.

E-Commerce:
E-commerce developers are exploring the use of biometrics and smart cards to more accurately verify a trading party's identity. For example, many banks are interested in this combination to better authenticate customers and ensure nonrepudiation of online banking, trading, and purchasing transactions.
Some are using biometrics to obtain secure services over the telephone through voice authentication. Developed by Nuance Communications, voice authentication systems are currently deployed nationwide by the Home Shopping Network.

Other Applications involve:
Voting systems, where eligible politicians are required to verify their identity during a voting process. This is intended to stop ‘proxy’ voting where the vote may not go as expected.
Junior school areas where (mostly in America) problems had been experienced with children being either molested or kidnapped.
The application of biometrics in the near future will be in ATM machines, where the leading banks will use biometrics as a general means of combating card fraud.
Apart from these, this technology is going to find a place in internet transactions and telephone transactions, and will be used in public identity cards.

FUTURE OF BIOMETRICS

Although companies are using biometrics for authentication in a variety of situations, the industry is still evolving and emerging. To both guide and support the growth of biometrics, the Biometric Consortium formed in December 1995.

Standardization:
Standards are emerging to provide a common software interface, to allow sharing of biometric templates, and to permit effective comparison and evaluation of different biometric technologies.

The BioAPI standard released at the conference, defines a common method for interfacing with a given biometric application. BioAPI is an open-systems standard developed by a consortium of more than 60 vendors and government agencies. Written in C, it consists of a set of function calls to perform basic actions common to all biometric technologies, such as
* enroll user,
* verify asserted identity (authentication), and
* discover identity.
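
The three operations listed above differ in how many templates each live sample is compared against, which is why identification (a one-to-many search) is the harder case. The following is an added example, not BioAPI code and not from the original paper: a hypothetical in-memory `TemplateStore` written in Python, with constructed identifiers and feature vectors, in which a sample that fails verification against a claimed identity is still falsely matched by a one-to-many search. The 0.1% per-comparison false match rate used at the end is an assumption borrowed from the typical figure quoted under performance measures.

```python
"""Added example (not BioAPI code): verification (1:1) versus identification (1:N).

Identifiers, feature vectors and the threshold are constructed sample data.
"""
from math import dist


class TemplateStore:
    """Hypothetical in-memory store keyed by an identifier such as a card number."""

    def __init__(self, threshold):
        self.threshold = threshold
        self.templates = {}
        self.comparisons = 0  # running count of template comparisons

    def _matches(self, template, live):
        self.comparisons += 1
        return dist(template, live) <= self.threshold

    def enroll(self, identifier, samples):
        """Enroll user: average the samples and file the template under the identifier."""
        self.templates[identifier] = tuple(
            sum(column) / len(samples) for column in zip(*samples))

    def verify(self, identifier, live):
        """Verify asserted identity: one comparison against the claimed template."""
        template = self.templates.get(identifier)
        return template is not None and self._matches(template, live)

    def identify(self, live):
        """Discover identity: compare against every template, closest match wins."""
        hits = [(dist(template, live), identifier)
                for identifier, template in self.templates.items()
                if self._matches(template, live)]
        return min(hits)[1] if hits else None


def false_match_probability(far, enrolled):
    """Chance that an unenrolled person matches at least one of `enrolled`
    templates, assuming independent comparisons that each falsely match
    with probability `far`."""
    return 1 - (1 - far) ** enrolled


def build_store():
    """Four constructed users whose samples average to well separated templates."""
    store = TemplateStore(threshold=2.0)
    store.enroll("1001", [(9, 10), (10, 11), (11, 9)])     # template (10, 10)
    store.enroll("1002", [(19, 10), (20, 11), (21, 9)])    # template (20, 10)
    store.enroll("1003", [(10, 19), (9, 20), (11, 21)])    # template (10, 20)
    store.enroll("1004", [(20, 21), (21, 20), (19, 19)])   # template (20, 20)
    return store


# Constructed live sample from someone who was never enrolled but happens to
# resemble user 1002.
STRANGER = (18.5, 10)

if __name__ == "__main__":
    store = build_store()
    # 1:1: the stranger must also hold the right PIN or card to be compared
    # against the one template that resembles them.
    print("verify as 1001:", store.verify("1001", STRANGER))
    # 1:N: every template is a chance for a false match.
    print("identify:", store.identify(STRANGER))
    print("comparisons made:", store.comparisons)
    for n in (1, 100, 1000):
        p = false_match_probability(0.001, n)
        print(f"{n:5d} enrolled users -> false match probability {p:.1%}")
```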
Another draft standard is the Common Biometric Exchange File Format, which defines a common means of exchanging and storing templates collected from a variety of biometric devices.

Hybrid Technology:
One of the more interesting uses of biometrics involves combining biometrics with smart cards and public-key infrastructure (PKI). Vendors enhance security by placing more biometric functions directly on the smart card. Some vendors have built a fingerprint sensor directly into the smart card reader, which in turn passes the biometric to the smart card for verification. PKI uses public- and private-key cryptography for user identification and authentication. It is mathematically more secure, and it can be used across the Internet.

CONCLUSION

At its infancy, current biometric technology is still considered immature to completely replace password and other authentication schemes. Security wise, biometric technology shows vulnerabilities that can be easily exploited for wrongful purposes. Biometrics itself is by nature complicated and distinctively secured to each unique identity. It is the imperfect design of the system and its elements that produces the security holes. Hence, to achieve higher security performance, the design of biometric system should take into consideration the possible vulnerabilities of the processes and algorithms of the system for the whole life cycle, namely data collection, data transmission, storage, templates comparison and susceptibility of the system to physical human attack.

Another challenge confronting biometrics is the fact that people are not ready to accept the technology in its entirety. Due to the far-reaching impact of biometric data misuse, any irresponsible use of the technology could be destructive to the society and would certainly compromise the privacy rights of people. Thus, regulations are needed to control and manage the implementation of biometrics. 3-factors authentication, microchip implantation and DNA profiling are among the many that deserve attention.

Although the challenges confronting biometrics are many, none of these is going to stop the progress of biometrics being used as authentication and identification tools. This is not the time to argue whether biometrics should be used widely or not in the future. A wiser approach would be to prepare the people mentally and psychologically for the new technology, make further improvements to the technology itself and think of how to properly use biometrics for everybody’s benefit.
